Skip to main content
ISC2 Security Congress 2025 Main banner
 
Icon Legend
Additional Fee Required
Additional Fee Required
Pre-Registration Required
Pre-Registration Required
Onsite & Virtual
Onsite & Virtual
Onsite Only
Onsite Only
Earn CPE Credits
Earn CPE Credits
Livestreamed Session
Livestreamed Session
Included in Guest Pass
Included in Guest Pass
Session Recorded
Session Recorded
Student Experience
Student Experience

Call for Papers Proposals

Software Security

Your API Is Probably Not Secure – Learn Techniques for Better Security Testing

Wednesday, October 29, 2025
4:30 PM - 5:30 PM CT
Location: Volunteer C
CPE Credits 1
Onsite & Virtual Earn CPE Credits Livestreamed Session Session Recorded

    Speaker(s)

  • Alexander Vesey, MS

    Software Engineer
    Carnegie Mellon University Software Engineering Institute, United States

Modern Application Programming Interface (API) testing plays a critical role in securing applications against evolving cyber threats. This presentation explores two paradigms for API testing: APIs as software components subject to unit, integration and application-level testing, and assessing APIs through the lens of the Confidentiality, Integrity and Availability (CIA) triad. Specific techniques developers can use to test APIs are discussed, as well as adversarial usage patterns as a foundation for tests.

Learning Objectives:

  • At the end of this session participants will be able to describe how APIs are implemented in modern applications and the ramifications of design choices.
  • At the end of this session participants will be able to identify common API weaknesses and attack patterns.
  • At the end of this session participants will be able to demonstrate how specific testing techniques help to mitigate the risk of an exposed API.